Move over, Coin: Plastc is making a programmable credit card that moves beyond the swipe

4 Comments

Credit: Plastc

Plastc was later than Coin or LoopPay in unveiling its digital credit card, but it looks as if it used that time to design a more future-proof device. The Palo Alto startup has started taking pre-orders for a universal card that can be used in almost any kind of electronic transaction, whether it involves swiping, waving, tapping or scanning.

Its list of supported technologies includes near-field communications (NFC), Radio Frequency Identification (RFID) and QR code generation, along with a programmable magnetic stripe on its back. But perhaps the most important acronym on its long list of specs is EMV.

Shorthand for Eurocard Mastercard Visa, EMV is the chip and PIN technology already used overseas to make point-of-sale credit card transactions more secure, and it will become a requirement at U.S. checkout counters and cash registers by October 2015.

Source: Plastc

Source: Plastc

The lack of EMV support has been the biggest criticism leveled against Coin (which recently delayed its commercial product launch until next spring) and LoopPay (which began shipping its programmable fobs and iPhone cases this year): Their devices don’t support EMV, condemning them to obsolescence next year.

Plastc’s device will include a programmable EMV chip when it ships next summer, just ahead of the deadline for retail chip and PIN adoption in the U.S. As more banks start issuing EMV cards next year, Plastc will send out firmware updates to ensure they will be compatible with its device, said Mark Stubbs, CEO and founder of Plastc.

At $155, the Plastc Card is also more expensive than its competitors: Coin is $100 and LoopPay’s fob is $39. But Plastc has also loaded on several more features.

The device has an e-ink display that will display your card info, your signature and even your photograph for verification purposes. The display will also show barcodes and QR codes from loyalty cards that retailers scan at the register. Stubbs said the card’s battery is designed to last for 30 days, but when it does need more juice it draws from an included wireless charging pad.

Plastc founders Ryan Marquis and Mark Stubbs (photo: Plastc)

Plastc founders Ryan Marquis and Mark Stubbs

The NFC/RFID technology will be compatible with the contactless terminals making their way into retail stores, though Stubbs and fellow co-founder Ryan Marquis were reluctant to release any details on how it would be implemented. They would only say that they would work with banks that support contact-less payments. While static magnetic stripe data can be read by the Plastc app and replicated on its programmable card, the information used in NFC and EMV transactions is dynamic — which means Plastc will have to work with, rather than apart from, the financial industry.

But Plastc has already started setting the stage for those partnerships. It’s working with American Express, Bank of America, Citi, Charles Schwab, Wells Fargo and U.S. Bank to bring account information directly into its iPhone and Android apps. The idea is that you can see the money available in your checking account right as you swipe your debit card.

The app communicates with the Plastc card through Bluetooth, and like Coin it has built-in security features. After a preset amount of time apart from your phone, the card will wipe itself. As soon as it reestablishes a Bluetooth connection with your phone, your data will automatically transfer back into the card. As an additional security layer, Plastc is putting facial ID software into its app so no one can view, add or change card data without biometric authentication.

Plastc App

Plastc definitely seems to have covered all of the bases, but it had to. By the time its card actually gets in buyers’ hands, we’ll be in the middle of a massive transition to chip and PIN transactions in the U.S. It’s also possible – though by no means assured – that Apple will kickstart the smartphone contactless payments market with Apple Pay next year, making NFC transactions more common.

The whole point of creating a universal credit card — or any kind of digital wallet, for that matter – is to replace the cards in our physical wallets. If you still have to carry plastic around as a back up to your Plastc, then what’s the point in having it?

4 Comments

Raymond Lee

I cannot see how they are going to get multiple keys onto a chip, especially when there is no standard available to do so within the EMV specs. As each chip is perso’d to the individual, and contains keys pertinent to a particular card. They are not designed to be changed dynamically for a new card. Unless they have created a new EMV spec, I just cannot see how this will be done.

Stephen Wilson

While Plastc has a better video than Coin and superior specs on paper, one thing is conspicuously missing from the story: How does a cardholder’s EMV details get cloned into the Plastc chip??

Properly implemented, it should not be possible to create an EMV transaction payload in anything other than an original EMV chip. The whole point of EMV is to prevent skimming and carding. The technology uses private asymmetric keys unique to each cardholder, secreted inside the Chip and PIN card or NFC Secure Element.

Maybe Plastc exploits a weakness someone has discovered in the system? Or maybe it uses Host Card Emulation, with cooperation of the banks, to create a cloud-based card shadow, and then tricks the merchant terminal into a card not present transaction? We don’t really know how it works because the video — while very slick — will show a mock-up.

Reporters covering these new technologies need to press for answers. Coin and Plastc as described fly in the face of EMV principles. Something does not add up.

Kevin Fitchard

Hey Stephen,

Good point, and while I did address that issue in part in the post, I’ll go into more depth now. I did press the founders on how they would implement EMV since they just can’t copy a chip the way they can a mag stripe. They wouldn’t reveal any details. But they did admit the only way the can get these more secure technologies to work would be through direct cooperation of the banks. Basically they won’t be able to clone a chipped the card, they’ll have to get banks configure the programmable chip for each of the cards.

Michael

First copy of this was picked up by flipboard and is full of mistakes making it difficult to read. Maybe read it aloud before posting next time to prevent that.

Comments are closed.